CVRT Privacy Statement

​The RSA (“we”, “us”, “our”) is classified as a "Controller" under the General Data Protection Regulation ((EU) 2016/679) ("GDPR") in respect of certain Personal Data you furnish to us.

This Privacy Notice is meant to help you understand what Personal Data we collect about you, why we collect it, and what we do with it.

What is Personal Data?

“Personal Data” is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier such as a user IP addresses or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and includes Special Categories of Personal Data;

"Special Categories of Personal Data" is any Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data.

Personal Data Collected and Processed

We collect and process Personal Data relating to you in connection with our relationship with you. The information that we collect depends on what you do when visiting the website. We may collect personal information from you when you register for a CVRT online account, make a self-declaration, book a test for a vehicle,  request a replacement Certificate of Roadworthiness (CRW), sign up for reminders via SMS/email as to when your vehicle is due a test, search the CRW expiry date of a vehicle or submit feedback to us via the website in relation to our services  
Depending on the service used by you the type of Personal Data and method of collection will vary. The Personal Data collected by us includes, but is not limited to, name, address, date of birth, gender, Driver Number, PPS Number, contact details, vehicle registration number, payment details and any other information relating to you that you provide to us or that we generate about you in connection with your use of the Website

We do not collect any personal information from this website apart form information which you provide in using any of our services. Any information you provide is not shared with any third party and is used only for the purpose for which it was provided

Technical Data Collected

When you visit our website, we gather statistical and other analytical information on an aggregate basis of all visitors to our website. This Non-Personal Data comprises information that cannot be used to identify or contact you, such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our website.

This website uses cookies​ which are used by Google Analytics and temporary "session" cookies which enable a visitor’s web browser to remember which pages on this website have already been visited. Cookies are small data files placed on your computer or internet enabled device by websites in order to add functionality. A cookie can be used to identify a user’s computer or internet enabled device to the Website, or to other third party websites.   Cookies help to improve the usage and effectiveness of the Website, for example by remembering preferences expressed by a user or tracking a user’s use of the Website for statistical analysis. The data collection and reporting behind this analysis is currently provided by Google Analytics. Your continued use of the Website will indicate your agreement to the use of a google analytical cookie. 

We also use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymised user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on link. You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link. ​

Visitors can use this website with no loss of functionality if cookies are disabled from the web browser. Technical details in connection with visits to this website are logged by our Internet service provider for our statistical purposes. No information is collected that could be used by us to identify website visitors. The technical details logged are confined to the following items:

  • ​The IP address of the visitor's web server
  • The top-level domain name used (for example .i.e., .com, .org, .net)
  • The previous website address from which the visitor reached us, including any search terms used
  • Clickstream date which shows the traffic of visitors around this web site (for example pages accessed and documents downloaded)
  • The type of web browser used by the website visitor

Sources of Personal Data

In providing our services to you may collect data from you and from the following sources:

  • Department of Transport Tourism and Sport (National Driver & Vehicle File), (RTOL)
  • An Garda Siochana
  • CVR testers and CVT Test Operators
  • Local Authorities
  • CRO Company Lookup Service
  • GeoDirectory Address Lookup Service (Autoaddress)
  • CMOD PPSN Verification Service
  • Octet Driver Tachograph Card Validation Software
  • DVSA (Driver and Vehicle Standards Agency) 
  • PCI Payment Gateway

In all instances the data collected is the minimum required for us to provide the service to you.

Purposes for which we hold your Personal Data

​The Personal Data that is referred to above will be processed for the purposes of providing a service to our customers and to fulfil the RSA’s regulatory obligations in respect of all aspects of operating the Commercial Roadworthiness Testing Service. 

We only collect, utilise and share Personal Data in strict adherence with Data Protection laws and principles. Categories of processing include your consent to do so, processing on the basis of a legal obligation, and in order to complete the performance of a contract. If at any time we need to use your Personal Data for a purpose that is different from the original purpose we will contact you regarding this change.

Our legal basis for collecting and using this information in accordance with the provisions of this Data Privacy Notice is: processing is necessary for compliance with a legal obligation to which the controller is subject.

Where you have provided consent for the use of your Personal Data, you can withdraw it at any time by informing the RSA’s Data Protection Officer, however, this will not affect the lawfulness of processing which was carried out based on your consent prior to its withdrawal.

Disclosure of your Personal Data to Third Parties

We disclose your Personal Data to various recipients in connection with the above purposes, including:

  • ​Department of Transport Tourism and Sport (National Driver & Vehicle File), 
  • An Garda Siochana
  • CVR testers and CVT Test Operators
  • A.A. Ireland - our technical service inspection providers
  • Local Authorities
  • Third parties who we engage to provide services to us in connection with the Website, such as outsourced service providers, IT services providers, professional advisers and auditors
  • Third parties we engage in connection with replacing CRWs and CVR testing

The RSA has entered into contractual arrangements with each of its third party contractors which ensures that any personal data transferred to it by the RSA can only be used for the purposes specified in relation to the services provided. 
 
We will disclose your Personal Data if we believe in good faith that we are required to access, use, preserve or disclose it in order to comply with any applicable law or regulation, a summons, a search warrant, a court or regulatory order, or other statutory requirement.

Transfers of your Personal Data outside of the European Union

In as far as is practicable the RSA endeavours to hold all personal data within the EEA. We will endeavour not transfer your Personal Data outside the EEA, including to a jurisdiction which is not recognised by the European Commission as providing for an equivalent level of protection for Personal Data as is provided for in the European Union.

If and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include entering into a data processing agreement in respect of the transfer which contains the ‘standard contractual clauses’ approved by the European Commission, or in respect of transfers to the United States of America, ensuring that the transfer is covered by the EU-US Privacy Shield framework (or any replacement framework).  Further details of the measures that we have taken in this regard are available on request from the Data Protection Officer. 

How we secure your Personal Data

Where we host a service your Personal Data is held on secure servers within the EEA. In cases where a service is not hosted by us, the service provider has provided assurances in respect of the security of their hosting environment.

Where you communicate with us via our website, the nature of the Internet is such that we cannot guarantee or warrant the security of any information you transmit to us via the Internet. No data transmission over the Internet can be guaranteed to be 100% secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your Personal Data.

Your Rights

You have the following rights, in certain circumstances and subject to certain restrictions, in relation to your Personal Data:

  • ​The right to access your Personal Data;
  • The right to request the rectification and/or erasure of your Personal Data;
  • The right to restrict the use of your Personal Data;
  • The right to object to the processing of your Personal Data; 
  • The right to be forgotten in certain circumstances; and
  • The right to receive your Personal Data, which you have provided to us, in a structured, commonly used and machine-readable format or to require us to transmit that data to another controller

​How you can exercise your rights

In order to execute any of the rights set out above, please contact us.

How long we retain your Personal Data

We will not hold your Personal Data for longer than is necessary. We retain your Personal Data for as long as we need it for the purposes described in this Privacy Notice (including but not limited to section 6 (Disclosure of your Personal Data to third parties)), or to comply with any applicable law or regulation, a summons, a search warrant, a court or regulatory order, or other statutory requirement. 

Changes to this Privacy Notice and our Policies

We reserve the right to make changes to this Privacy Notice at any time without prior consultation. Any changes to this Privacy Notice will be posted on our website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use Personal Data in a manner significantly different from that stated in this Privacy Notice, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail, and you will have a choice as to whether or not we use your Personal Data in the new manner.

Questions and Complaints

If you have any questions regarding this Privacy Notice, you can contact us using the information below: 

Mr. Eamonn Kennedy
Data Protection Officer
Road Safety Authority
Moy Valley Business Park
Primrose Hill
Ballina
Co. Mayo
F26 V6E4

Email: DataProtection@rsa.ie

You have the right to lodge a complaint with the Irish Data Protection Commissioner (or any replacement organisation)